Matthias Egli: How Swiss firm discovered Ethereum glitch

The team at ChainSecurity were able to halt the Constantinople upgrade in January; it finally took place yesterday.

It was back in January when staff at Zurich-based ChainSecurity were preparing some examples of how auditing crypto technology can work when one of the company’s founders – Dr Hubert Ritzdorf – noticed something awry in the programming.

The Ethereum Constantinople update was postponed when issues in EIP 1283 were discovered by the smart contract auditing research firm.

Smart contracts already part of the chain could have utilised code patterns that would have made them vulnerable to a re-entrancy attack after the upgrade had taken place; they wouldn’t have been vulnerable before it.

His colleague Matthias Egli told Coin Rivet at the time: “We were looking at Constantinople from an internal training point of view to show people what auditing can do.

Best researcher

“Hubert just happened to come across the flaw quite randomly which was very lucky for Ethereum as he happens to be one of the world’s best researchers in the security area.”

The flaw would have allowed people to make small changes which should not have been possible, Egli told me.

The Swiss company flagged up the problem to the Ethereum Foundation which then mobilised its development team for an emergency meeting with multi-millionaire founder Vitalik Buterin.

Matthias says he was “super impressed by their reaction – they immediately saw what was going on and brought more auditors in to verify our findings.”

Lengthy delay

It led to a lengthy delay in the Ethereum upgrade, which was scheduled to take place on February 28.

Matthias is an electrical engineer by background and became interested at university in the theoretical aspect of Bitcoin more than in its economic impact.

He went on to work in Silicon Valley for several years and sat near a colleague who was “heavily involved” in Ethereum.

Eventually, he joined ChainSecurity, which was set up by two students after studying for their PhDs at university.

The company now has nine staff based in Switzerland and a remote worker in India.

Gender diversity

They also employ two women – in non-technical roles. On the issue of lack of gender diversity in the space, Matthias says: “There are a lot less women in IT in general and in IT security, it drops even more and is a very small number.

“For me, I’m engaged very actively working with associations and institutions across Europe and it doesn’t have to be like that. In countries which are former Eastern Bloc the ratio is much better.”

He says in these countries, there tends not to be any issue with gender inequality.

On mass adoption, he predicts it is not something that will happen “this year” or for some time yet. This will not come until “end users interact naturally with the blockchain.

“With the internet, it was quickly something that people started using email with.” Depending on the project, it needs to have “proven use cases before people follow and it is something that could take years to have mass adoption.”

Psychology and economy

The wild fluctuations in the price of cryptocurrency have been caused by psychology, the economy and finance. Matthias says: “I’m an engineer who’s interested from a technology point of view.”

He hasn’t found it to be “disappointing, personally as I think it is showing the live, healthy system without unhealthy things.”

The market correction has made the market more stable and closer to reality.

As a result of the discovery in January, the decision was rightly made to delay Constantinople.

The issue discovered by Dr Ritzdorf related to a throwback from the June 2016 ‘DAO incident’ when a mysterious hacker took $50m out of Ethereum.

To beef up security, Buterin’s developers forced through a handful of hard forks and an adjustment to the gas limits.

Ethereum uses ‘gas’ as the execution fee for any operation conducted on its platform.
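
Gas pricing is also why contracts could become vulnerable to re-entrancy only after the upgrade. The sketch below is an added example, not code from ChainSecurity or the Ethereum Foundation. It compares the price of a storage write under the pre-Constantinople rule and under EIP 1283 with the 2,300-gas stipend forwarded by a plain Ether transfer. The constants come from the Ethereum gas schedule and the EIP text rather than from this article, and the function names and sample values are made up for illustration.

```python
# Added example: SSTORE pricing before and under EIP 1283.
# Constants come from the Ethereum gas schedule and the EIP text, not the article.
# Refund counters are left out; they do not change the up-front cost.
SSTORE_SET = 20_000    # zero -> non-zero
SSTORE_RESET = 5_000   # every other write under the legacy rule
SSTORE_CHEAP = 200     # EIP 1283: no-op, or slot already written in this transaction
CALL_STIPEND = 2_300   # gas a plain Ether transfer forwards to the recipient


def sstore_cost_legacy(current, new):
    """Pre-Constantinople rule: price depends only on current and new value."""
    return SSTORE_SET if current == 0 and new != 0 else SSTORE_RESET


def sstore_cost_eip1283(original, current, new):
    """EIP 1283 rule; 'original' is the slot value when the transaction began."""
    if current == new:
        return SSTORE_CHEAP                      # no-op write
    if original == current:                      # slot still clean
        return SSTORE_SET if original == 0 else SSTORE_RESET
    return SSTORE_CHEAP                          # dirty slot


def compare(original, current, new, budget=CALL_STIPEND):
    """Report both prices and whether the stipend stops the write."""
    legacy = sstore_cost_legacy(current, new)
    net = sstore_cost_eip1283(original, current, new)
    return {
        "legacy_cost": legacy,
        "eip1283_cost": net,
        # True when code that relied on the stipend to block state changes
        # was safe under the legacy price but not under EIP 1283.
        "stipend_guard_lost": legacy > budget >= net,
    }


# Constructed slot histories: (original, current, new)
SAMPLES = {
    "clean slot, first write": (5, 5, 7),
    "dirty slot, second write": (5, 7, 9),
    "fresh slot, zero to non-zero": (0, 0, 1),
}

if __name__ == "__main__":
    for label, slot in SAMPLES.items():
        print(f"{label}: {compare(*slot)}")
```

Only the slot already written earlier in the same transaction drops below the stipend, which is why code that was safe before the upgrade would not have been safe after it.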